Introducing identity control

November 2011 Access Control & Identity Management

Ideco’s Marius Coetzee talks about how identity management is changing.

In an interview with Hi-Tech Security Solutions, Marius Coetzee, CEO of Ideco, outlines the principles of identity control.

As the disciplines of access control and identity management draw closer together, there is an opportunity to combine technologies and expertise from both disciplines in order to create business processes that are faster and more secure. Currently, there is little convergence between major players in the two fields – companies like Novell are not specialists in user-authentication and biometric companies like Morpho are not specialists in identity management.

Coetzee recognises that there is a clear and pressing need to encourage thinking around a new discipline – identity control. As he explains, “At Ideco, we want to encourage interactions that will provide a stronger link between two functions that are often quite separate – how we identify people and how that identity is managed.”

Linking recognition and response

For many years there has been a clear division between these two functions. Coetzee suggests that this division has been reinforced because authentication technologies are completely different to those employed within traditional identity management. And so are the companies that develop and deploy the technologies.

“We are talking about the difference between recognition and response”, says Coetzee. He draws an analogy with the differences between our senses and our thinking.

“We recognise elements around us through our senses. We see them, hear them, touch them and smell them. And we respond accordingly. Of course, the two are deeply interrelated but, as functions, they are utterly different. Our response is a function of our level of competency or the ability to influence or direct behaviour or the course of an event – this is the definition of control.”

In identity-based systems, the link between recognition and response is fundamental. For example, a physical access control system relies on its ability to recognise and respond appropriately, to either grant or deny entry.

Response can also be reactive or proactive. A proactive response will anticipate many other criteria such as potential risks and compliancy criteria before access is granted.

Coetzee says, “The accuracy of the response depends entirely on the accuracy of the recognition. Poor recognition means poor response.”

To illustrate this point, he uses the example of a card-based access system. “A modern card system is 100% effective at recognising cards. Consequently, it will react with 100% accuracy. That is the great strength of such systems. It is also their greatest weakness, they can only recognise cards. The person using the card is irrelevant to these systems. I can use your card and you can use mine. Card recognition is what it is, card recognition.

“The same weakness applies to systems that work with PINs and passwords. They are designed to recognise codes and lack any ability to recognise the person using the code. And yet we still persist in using them as the foundation for most identity management (IdM) solutions out there.”

Bridging the identity gap

Coetzee refers to this disconnect between recognition and response as the identity gap. He points out that many systems are able to manage and track a multitude of activities based on the authorisations that are allocated to system users. “We see high levels of competency in this regard within modern workforce management solutions that not only handle access and time worked, but also govern requirements relating to occupational health and safety.

“In terms of response, modern IdM solutions within IT also deliver high levels of functionality concerning access and activity.”

In any of these systems, it is obviously problematic if user-recognition relies on cards, PINs or passwords. It comes back to the fact that poor recognition leads to poor response. The wider the identity gap becomes, the more control organisations lose. If you cannot recognise users, if you cannot identify people, then you cannot hope to control what they can do.

Obviously, the purpose of an identity-based solution is not to control and manage cards or pins and passwords. Its objective is to manage people such as employees, partners, suppliers, contractors and customers within a set of rules that govern their access and activity.

Coetzee sees fingerprint biometrics as an obvious way to reduce the identity gap because they are so much more effective at recognising people: “The technology allows us to move much closer to achieving the twin goals of identity control: accurate recognition and accurate response.”

“It is this ability that has prompted thousands of SA organisations to replace cards and PINs with fingerprint recognition in order to reinforce the integrity of processes that control access and activity.”

The power of recognition

The benefits of narrowing the identity gap extend far beyond physical access control; the following areas are heavily reliant on recognition:

* Financial transactions: EFTs, payment cards and billing management systems.

* IT systems: managing and monitoring who does what, where and when.

* Licensing systems: motor vehicles and firearms.

* Civil identity solutions: passports, border control and ID documents.

In each of these areas, the process of confirming identity has become increasingly automated and is frequently performed remotely. A consequence of this automation is that the ability to recognise people has been diluted.

“Personal interactions have been replaced by interactions between people and systems. For example, we routinely conduct our financial transactions without dealing with somebody who actually knows and recognises us. Instead we use PINs and passwords and consequently are exposed to the widely-publicised risks of identity fraud.”

Coetzee suggests that competent identity control systems should be able to:

* Accurately recognise the identity.

* Proactively ensure compliance.

* Reliably direct the appropriate response.

* Diligently build audit chains that link identity with activities.

Creating audit chains

A key outcome of recording recognition and response within an identity control system is the ability to produce audit chains that link people with their activities. Coetzee says that the significance of such audit chains is entirely reliant on accurate recognition. He explains, “If we build definitive links between people and their actions, we can simultaneously prevent and deter unauthorised activity within the system.

“Firstly, we can prevent such activity by accurately controlling who can do what. Secondly, a potent deterrent to unauthorised activity is created by recording what they have done. However, if recognition is poor, if the identity gap is wide because the system relies on cards or PINs, then there is a proportionately weak link in the audit chain and we cannot positively connect identities and activities.”


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Managing staff effectively
September 2019, dormakaba South Africa, iPulse Systems , Integrated Solutions, Access Control & Identity Management
Workforce management solutions allow organisations to track the relationship between productivity and the cost of employment, incorporating issues such as health and safety, T&A, rostering and more.

Read more...
Hennie Lategan joins Centurion as head of exports
September 2019, Centurion Systems , News, Access Control & Identity Management
Centurion Systems has announced the appointment of Hennie Lategan as the head of the company’s exports department.

Read more...
New AlproMAX7 secures maximum rating
September 2019 , Access Control & Identity Management, Products
Alpro has launched a new range of ultra-secure mechanical mortice deadlocks, the AlproMAX7 which comply with BS EN 12209.

Read more...
ViRDI UBio Tab 5
September 2019 , Access Control & Identity Management, Products
ViRDI Distribution SA (ViRDI Africa) has announced the release of its long-awaited UBio Tablet to the South African market.

Read more...
Visitor access control at Ruimsig Country Club
September 2019, Elvey Security Technologies , Access Control & Identity Management, Products
Cost-effective access control solution that would control the ingress and egress of people, without hindering the traffic throughput of members.

Read more...
Estate-focused visitor management solution
September 2019, Vox Telecom , Access Control & Identity Management, Residential Estate (Industry)
Vox has expanded its cloud-based visitor management solution to cater specifically for the needs of small multi-dwelling unit estates and large residential estates.

Read more...
Biometrics control airport railroad
September 2019, Suprema , Access Control & Identity Management
63 km railroad to Incheon Airport is centrally controlled and secured by Suprema biometric hardware and software.

Read more...
Dual energy X-ray inspection system
September 2019, Regal Distributors SA , Products, Access Control & Identity Management
The ZKX6550 X-ray inspection system increases the operator's ability to identify potential threats; the device is designed to scan briefcases, carry-on baggage, small cargo parcels.

Read more...
ZKTeco parking barrier
September 2019, Regal Distributors SA , Products, Access Control & Identity Management
The PB3000 parking barrier is an ideal automatic car park barrier for parking lot and security control; it can easily integrate with revenue collection and access control systems.

Read more...
ZKTeco automatic bollard
September 2019, Regal Distributors SA , Products, Access Control & Identity Management
The high-quality automatic bollard is used to protect security areas from vehicle intrusion; in case of power failure, the bollard can be lowered manually.

Read more...